Monday, November 26, 2018

ตัวอย่างการ configue relay mail on Centos

Ref: configure-postfix-to-relay-mail-to-an-external-smtp-server-on-centos-7/

Configure Postfix to Relay Mail to an External SMTP Server on CentOS 7

Posted on by
The benefit of having two Postfix servers relaying email to an external SMTP server is redundancy.
This article is part of the Homelab Project with KVM, Katello and Puppet series.

Homelab

We have two CentOS 7 (minimal) servers installed which we want to configure as follows:
admin1.hl.local (10.11.1.2) – will be configured as a Postfix relay
admin2.hl.local (10.11.1.3) – will be configured as a Postfix relay
Both servers have SELinux set to enforcing mode.
See the image below to identify the homelab part this article applies to.

Software

Software used in this article:
  1. CentOS 7
  2. Postfix 2.10

Install Postfix

Note that this section applies to both servers.
Install Postfix and ensure that the service is enabled:
# yum install postfix cyrus-sasl-plain
# systemctl enable postfix
In case Sendmail is installed, remove it:
# yum remove -y sendmail*
Allow inbount firewall traffic:
# iptables -A INPUT -s 10.11.1.0/24 -p tcp -m state --state NEW --dport 25 -j ACCEPT

Configure Postfix Server as a Relay

Note that this section applies to both servers. Open /etc/postfix/main.cf for editing and configure the following:
smtpd_banner = $myhostname ESMTP
inet_interfaces = all
inet_protocols = ipv4

mynetworks = 127.0.0.0/8, 10.11.1.0/24
relayhost = [mail.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CApath = /etc/ssl/certs
smtp_use_tls = yes
Create a new file /etc/postfix/sasl_passwd and add the authentication details of the external SMTP server:
[mail.example.com]:587 user@example.com:passwd
Prevent non-root access:
# chmod 0600 /etc/postfix/sasl_passwd
Create a database file:
# postmap /etc/postfix/sasl_passwd
Check configuration and restart Postfix service:
# postfix check
# systemctl restart postfix

Configure Postfix on a Null Client

When we configure other homelab servers to us Postfix to relay emails via admin1 and admin2, we can have a fallback relay defined (taken from the Postfix configuration file /etc/postfix/main.cf that’s on the Katello server):
relayhost = [admin1.hl.local]
fallback_relay = [admin2.hl.local]
This gives us redundancy in a way so that if one of the SMTP relays is down, we can send emails out via the second one.
Here is an example taken from our Katello server when both relays are operational:
[katello]# echo test|mailx -s TEST user@example.com
Feb 18 18:09:52 katello postfix/pickup[23067]: 328C73D94: uid=0 from=
Feb 18 18:09:52 katello postfix/cleanup[23089]: 328C73D94: message-id=<20180218180952 .328c73d94="" katello.hl.local="">
Feb 18 18:09:52 katello postfix/qmgr[23068]: 328C73D94: from=, size=421, nrcpt=1 (queue active)
Feb 18 18:09:52 katello postfix/smtp[23091]: 328C73D94: to=, relay=admin1.hl.local[10.11.1.2]:25, delay=0.13, delays=0.04/0.02/0.03/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4A557532)
Feb 18 18:09:52 katello postfix/qmgr[23068]: 328C73D94: removed
We see that email was relayed via admin1. Now, if the admin1 server was down, the email would get relayed via admin2:
Feb 18 18:11:17 katello postfix/pickup[23067]: A81993D96: uid=0 from=
Feb 18 18:11:17 katello postfix/cleanup[23089]: A81993D96: message-id=<20180218181117 .a81993d96="" katello.hl.local="">
Feb 18 18:11:17 katello postfix/qmgr[23068]: A81993D96: from=, size=421, nrcpt=1 (queue active)
Feb 18 18:11:17 katello postfix/smtp[23091]: connect to admin1.hl.local[10.11.1.2]:25: Connection refused
Feb 18 18:11:17 katello postfix/smtp[23091]: A81993D96: to=, relay=admin2.hl.local[10.11.1.3]:25, delay=0.2, delays=0.01/0/0.08/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as C9F614D6)
Feb 18 18:11:17 katello postfix/qmgr[23068]: A81993D96: removed
 
 
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)